Page tree
Skip to end of metadata
Go to start of metadata

Overview

The SolarWinds® LAM ingests event data from SolarWinds. The following information explains the Moogsoft AIOps configuration required to do this. For more information about SolarWinds, go to solarwinds.com.

SolarWinds offers a REST API through which event data can be received in JSON format. The SolarWinds LAM makes use of this REST API to request event data and ingest it into AIOps. The SolarWinds LAM is an HTTP client LAM. It sends HTTP requests to the SolarWinds server at configurable intervals. It parses the JSON responses received from the SolarWinds server and processes Events from the responses.

Requirements

The ingestion of event data from SolarWinds requires AIOps to be running a SolarWinds LAM, configured to parse JSON responses from SolarWinds.

The ingestion of data from SolarWinds requires access to the SolarWinds server with account credentials of an administrator level SolarWinds user. These credentials are specified in the SolarWinds LAM configuration file solarwinds_lam.conf.

There is no configuration of SolarWinds or the SolarWinds server required for operation of the SolarWinds LAM in AIOps

Capabilities 

The performance of AIOps depends on the number of events received per second and the specifications of the AIOps system on which the SolarWinds LAM is running. 

AIOps configuration

 To run the SolarWinds LAM, the following AIOps files are required and are installed by default:

FileDescription
$MOOGSOFT/config/solarwinds_lam.confSolarWinds LAM configuration file
$MOOGSOFT/bots/lambots/SolarWindsLam.jsLAMBot file; processes the event data received from SolarWinds
$MOOGSOFT_HOME/bots/moobots/AlertBuilder.jsStandard AlertBuilder Moobot file. This does not require any specific configuration for the SolarWinds LAM

 The following sections detail the steps required to configure the SolarWinds LAM and LAMBot:

 SolarWinds LAM configuration

 In the SolarWinds LAM configuration file solarwinds_lam.conf the following are mandatory:

HostDescription
hostThe hostname/IP Address of the system running SolarWinds
userThe username to access SolarWinds
passwordThe password for the user accessing SolarWinds

Other configuration options:

OptionDescriptionExample
request_intervalHow many seconds to wait between sending HTTP requests. HTTP requests ask for data from the previous interval timeIf the request_interval is 120 (two minutes), the HTTP requests ask for event data from the previous two minutes
max_intervalsHow many request_interval times to request data for, if the previous request failed
request_interval         : 120,
...
max_intervals           : 3,

With the settings above, the LAM sends a request every two minutes (120 seconds), and the maximum number of intervals is set to three. Therefore the maximum time to request data for if previous requests fail is (3 x 2) six minutes. So if the LAM starts at 09:00, requests are as follows:


09:02 - Request event data from 09:00 to 09:02... success
09:04 - Request event data from 09:02 to 09:04... fail
09:06 - Request event data from 09:02 to 09:06 (asks for data from the previous failed request)... fail
09:08 - Request event data from 09:02 to 09:08... fail
09:10 - Request event data from 09:04 to 09:10 (the maximum time to request data for is reached, so data from the last six minutes is requested)... fail
09:12 - Request event data from 09:06 to 09:12 (data from the last six minutes is requested)... success
09:14 - Request event data from 09:12 to 09:14 (previous request successful, reverts to requesting event data from the previous two minutes)


 disable_certificate_validationSet to false if the SSL certificate for the SolarWinds server is valid (default setting is true to disable SSL certificate validation for the SolarWinds server)
requests_overlapHow many seconds more than the request_interval (see above) to request data for. This is to ensure events are not missed
request_interval         : 120,
...
requests_overlap        : 10, 

With the settings above, the LAM sends a request every two minutes (120 seconds). The overlap is set to ten seconds, so each request asks for data from the last two minutes and ten seconds


 LAMBot configuration

The LAMBot processes the event data received from SolarWinds. The LAMBot script SolarWindsLam.js is configured for default operation. Configuration options available include:

  • useEventTimestamp
    Set whether to timestamp the generated Event with the current AIOps time, or the EventTime data from SolarWinds (converting to local time as required): 
    false = use the current AIOps time (default)
    true = use the EventTime value received from SolarWinds EventTime data
     
  • useNodeSeverity
    Set whether to take into account the node severity received in event data from SolarWinds (in addition to the event message content) when setting the AIOps Event severity: 
    false = do not use the node severity (default)
    true = use the node severity when setting the AIOps Event severity. This requires defining the conditions under which the severity is changed

Final steps

Start the SolarWinds Moolet and the SolarWinds LAM to begin HTTP requesting data from SolarWinds:

$MOOGSOFT_HOME/bin/farmd_cntl --start --moolet "AlertBuilderSolarWinds"
service solarwindslamd start 

 

 To check the SolarWinds LAM status:

service solarwindslamd status


To stop the SolarWinds LAM:

service solarwindslamd stop

 

Default field mapping

The following tables show the default SolarWinds field mappings to AIOps fields.
These mappings are defined in the SolarWinds LAM configuration file and within the LAMBot:

 

SolarWinds > AIOps Field Mapping
SolarWinds FieldAIOps Field Name
Orion.Events.Acknowledgedcustom_info.acknowledged
Orion.Events.EventIDexternal_id
Orion.Events.EventTimecustom_info.eventTime
Orion.Events.Messageseverity and description
Orion.Events.NetObjectIDcustom_info.netObjectID
Orion.Events.NetObjectTypeclass
Orion.Events.NetworkNodecustom_info.networkNode
Orion.EventTypes.Nameseverity and type
Orion.EventTypes.Notifycustom_info.notify
Orion.Nodes.IPAddressagent_location
Orion.Nodes.Locationagent
Orion.Nodes.MachineTypecustom_info.nodeMachineType
Orion.Nodes.NodeDescriptioncustom_info.nodeDescription
Orion.Nodes.NodeIDsource_id
Orion.Nodes.NodeNamesource
Orion.Nodes.Severitycustom_info.nodeSeverity
Orion.Nodes.Vendorcustom_info.nodeVendor

 

SolarWinds > AIOps Field Mapping
SolarWinds FieldAIOps Field Name
Orion.Events.Acknowledgedcustom_info.acknowledged
Orion.Events.EventIDexternal_id
Orion.Events.EventTimecustom_info.eventTime
Orion.Events.Messageseverity and description
Orion.Events.NetObjectIDcustom_info.netObjectID
Orion.Events.NetObjectTypeclass
Orion.Events.NetworkNodecustom_info.networkNode
Orion.EventTypes.Nameseverity and type
Orion.EventTypes.Notifycustom_info.notify
Orion.Nodes.IPAddressagent_location
Orion.Nodes.Locationagent
Orion.Nodes.MachineTypecustom_info.nodeMachineType
Orion.Nodes.NodeDescriptioncustom_info.nodeDescription
Orion.Nodes.NodeIDsource_id
Orion.Nodes.NodeNamesource
Orion.Nodes.Severitycustom_info.nodeSeverity
Orion.Nodes.Vendorcustom_info.nodeVendor

 

AIOps > SolarWinds Field Mapping
AIOps Field NameSolarWinds Field
agentOrion.Nodes.Location
agent_locationOrion.Nodes.IPAddress
agent_time<epoch-time-at-reception>
classOrion.Events.NetObjectType
custom_info.acknowledgedOrion.Events.Acknowledged
custom_info.eventTimeOrion.Events.EventTime
custom_info.netObjectIDOrion.Events.NetObjectID
custom_info.networkNodeOrion.Events.NetworkNode
custom_info.nodeDescriptionOrion.Nodes.NodeDescription
custom_info.nodeMachineTypeOrion.Nodes.MachineType
custom_info.nodeSeverityOrion.Nodes.Severity
custom_info.nodeVendorOrion.Nodes.Vendor
custom_info.notifyOrion.EventTypes.Notify
descriptionOrion.Events.Message
external_idOrion.Events.EventID
managerSolarWinds
severityOrion.EventTypes.Name +
Orion.Events.Message
sourceOrion.Nodes.NodeName
source_idOrion.Nodes.NodeID
typeOrion.EventTypes.Name
  • No labels